Glossary term
Governance and Compliance
A failure to meet a requirement, whether from a standard, law, policy, procedure, contract, or internal control. Nonconformities need correction, root cause analysis, and appropriate corrective action. Examples include undocumented AI systems, missing impact assessments, unapproved data use, ineffective monitoring, unresolved high-risk findings, or vendor AI use outside contractual controls.
The Italian Garante found OpenAI's ChatGPT in nonconformity with GDPR in March 2023, leading to a temporary ban and a EUR 15 million fine in December 2024.
The Dutch Data Protection Authority found Clearview AI in nonconformity with GDPR in 2024, imposing a EUR 30.5 million fine for unlawful scraping and facial recognition.
Under ISO 42001 clause 10.1, when a nonconformity occurs the organization must react, evaluate the need for action to eliminate the cause, and implement action.